Modern data protection has five key drivers, all of which an organization must seek to understand. These drivers equally apply to cloud and non-cloud related data and should form the basis of any robust data protection strategy.
These five drivers are:
Know where the data is stored/located:
Determine what information is stored locally, in the cloud, or at a third party and understand jurisdictional data privacy requirements to help determine true digital risk.
Know the sensitivity of the data
Understand the sensitivity of the data, the importance of the data to the business, and the likely impact to the business should this data be made available to non-authorized parties (including being made public) or be modified or corrupted.
Know the flow of the data through the ecosystem
Understand where the data is flowing and ensure only authorized access is permitted and that data is not transferred to non-authorized or unprotected environments.
Know who has access to the data
Assess third-party suppliers, partners and understand who has access to the data. Determine if the right identities (machine and person) do have access, and determine who should not have access to the data.
Know how well the data is protected
Know what controls are being used to protect the data. Are they operating as designed and are they operating effectively?
If you’d like to read the entire How to Design a Cloud Data Protection Strategy white paper you can read it here!